Https > can't login to panel

After site deployment and forcing https and domain without www like this:

RewriteCond %{HTTP_HOST} !=localhost
RewriteCond %{HTTP_HOST} ^www\. [NC,OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L,NE]

I can’t login to the panel:

The panel cannot connect to the API

After removing the accounts folder I tried:

return [
  'panel' =>[
    'install' => true

But no joy:

Failed to fetch

I can login after I remove the htaccess rules, using http.
(kirby 3.3.4)

I’m using chrome, and this seems to be blocked by a CORS policy:

login:1 Access to fetch at 'xxx' from origin '' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request. Failed to load resource: net::ERR_FAILED

I had some add blocker installed I’ve disabled it but no change and Safari shows the same error.

Tried Allow cross-origin requests from HTML5bp:

<IfModule mod_headers.c>
  Header set Access-Control-Allow-Origin "*"

But no change.
Not sure how to proceed, help is appreciated.

Did you put that at the top of the .htacess? Have you checked if you can set the redirect in your hosting provider’s control panel instead of in .htaccess?

my htaccess file:

# Kirby .htaccess

# rewrite rules
<IfModule mod_rewrite.c>

# enable awesome urls. i.e.:
RewriteEngine on

RewriteCond %{HTTP_HOST} !=localhost
RewriteCond %{HTTP_HOST} ^www\. [NC,OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L,NE]

# make sure to set the RewriteBase correctly
# if you are running the site in a subfolder.
# Otherwise links or the entire site will break.
# If your homepage is
# Set the RewriteBase to:
# RewriteBase /mysite

# In some environments it's necessary to
# set the RewriteBase to:
#RewriteBase /

# block files and folders beginning with a dot, such as .git
# except for the .well-known folder, which is used for Let's Encrypt and security.txt
RewriteRule (^|/)\.(?!well-known\/) index.php [L]

# block text files in the content folder from being accessed directly
RewriteRule ^content/(.*)\.(txt|md|mdown)$ index.php [L]

# block all files in the site folder from being accessed directly
# except for requests to plugin assets files
RewriteRule ^site/(.*) index.php [L]

# Enable authentication header
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

# block direct access to kirby and the panel sources
RewriteRule ^kirby/(.*) index.php [L]

# make site links work
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) index.php [L]


# compress text file responses
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

I will have look if I can set it in DirectAdmin …

I have set in DirectAdmin:

  • Force Redirect >
  • Redirect HTTP to HTTPS

Added the underneath to: site > config >

  'panel' =>[
    'install' => true

Deleted site > accounts

And I was able to install the panel.
Thanks @texnixe

Did I ever tell you, you are awesome? No?
You are A W E S O M E :smiley:


Thank you :slightly_smiling_face:! Always happy when problems get solved.